LinuxQuestions.org


grigory 11-01-2015 09:23 AM

BIND9 logging gets too verbose (too chatty) for my taste
 
Hello!

I've configured logging in my BIND9 server and I have 2 log files:
1) debug.log;
2) query.log.
The second one is Okay. No complaints so far. But the first one is too verbose (too chatty) for me. Like 90% of what it says there I don't even understand. You get like 100's of thousands of text lines within a couple of hours only. That's crazy!
Here's how it's set:

Code:

channel debug_log {
        file "/var/log/named/debug.log";
        severity debug 3;
};

If I understand it right, to make it less verbose (chatty), I can try debug 2 or simply debug (which defaults to debug 1). Right?
The next level (less chatty) would be:

Code:

severity info;

Right?

bathory 11-01-2015 12:56 PM

Quote:

If I understand it right, to make it less verbose (chatty), I can try debug 2 or simply debug (which defaults to debug 1). Right?
The next level (less chatty) would be:

severity info;

You could use severity "warning" or "notice", which are less verbose.
Besides, debug is used for debugging purposes, so it's not recommended for a production DNS server.

Regards

grigory 11-01-2015 10:51 PM

Thanks for your reply!

I don't know... After I switched to info, both logs stopped doing anything (they're both empty).

Here's my full logging section:

Quote:

logging {

        channel debug_log {
                file "/var/log/named/debug.log";
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };

        channel query_log {
                file "/var/log/named/query.log";
                severity dynamic;
                print-category yes;
                print-severity yes;
                print-time yes;
        };

        category resolver { debug_log; };
        category security { debug_log; };
        category queries { query_log; };

};

grigory 11-01-2015 11:22 PM

Sorry, had to re-start BIND. Now my second file gets the info (query.log), but debug.log is still empty.


Have switched debug.log to notice, still no difference. query.log is getting the info, but debug.log is still empty. Looks like it needs to be done differently...

bathory 11-02-2015 02:38 AM

Quote:

Originally Posted by grigory (Post 5443495)
Sorry, had to re-start BIND. Now my second file gets the info (query.log), but debug.log is still empty.


Have switched debug.log to notice, still no difference. query.log is getting the info, but debug.log is still empty. Looks like it needs to be done differently...

If the logfile remains blank that means that everything works as expected ;)
If you want, you can turn severity to info (the default), so you get some logs.
Read this for more info

Regards

grigory 11-02-2015 04:39 AM

Thanks for your reply!
Frankly, it needs some clarification for me. Otherwise, I don't quite understand.
Are you saying that in my debug.log I won't get any info if all works right? But that's when I use info level or less. When I had severity level debug 3, I got too much info being added into the log file. Again, right now I'm talking about my 1st log file (debug.log). As per 2nd log file (query.log), it gets "populated" without any issues, no matter what.
Is it Okay to have two different levels of severity at the same time for my two log files OR I'd better stick to just one?
Does it make any difference?

bathory 11-02-2015 07:16 AM

Quote:

Are you saying that in my debug.log I won't get any info if all works right?

Yes. If you're using severity notice and above, you'll get no logs, unless something goes terribly wrong.


Quote:

When I had severity level debug 3, I got too much info being added into the log file. Again, right now I'm talking about my 1st log file (debug.log). As per 2nd log file (query.log), it gets "populated" without any issues, no matter what.

Debug and its various levels are used when you're having DNS problems. In normal DNS operation you don't need debug.
The default severity info is good in most cases.


Quote:

Is it Okay to have two different levels of severity at the same time for my two log files OR I'd better stick to just one?
Does it make any difference?

These are 2 different logs. One regarding the DNS operation and the other regarding client queries.
In a production server with modest traffic, you don't even need to log the queries, as it makes the respective logfile get big very fast. That's why the queries category is not enabled by default in BIND logging.
So it's up to you what you want to log and how to do this.

BTW you can use rndc to change the logging setting at run-time.

grigory 11-02-2015 08:05 AM

Thank you!

Well, I should probably learn some more about BIND9 logging, 'cos it seems to me a little bit more complicated than it should've been.
And what about just temporarily commenting out just the debug.log section? Should I use # for that?

bathory 11-02-2015 08:43 AM

Quote:

Originally Posted by grigory (Post 5443625)
Thank you!

Well, I should probably learn some more about BIND9 logging, 'cos it seems to me a little bit more complicated than it should've been.
And what about just temporarily commenting out just the debug.log section? Should I use # for that?

You should also comment out:
Quote:

category resolver { debug_log; };
category security { debug_log; };

or use another logging channel.

grigory 11-02-2015 10:47 AM

Some update:
I have severity level "notice" for debug.log
After I turned on my PC, there's something new that was added to the file:

02-Nov-2015 19:16:01.684 security: warning: using built-in root key for view _default

And query.log works as usual. Does it mean that both files are getting the info that they should be getting under the conditions set in named.conf.local? Should I just leave it alone for now and IF there're problems with BIND, then I could escalate the severity level to debug 3 for debugging purposes?

bathory 11-02-2015 12:16 PM

Quote:

have severity level "notice" for debug.log
After I turned on my PC, there's something new that was added to the file:

02-Nov-2015 19:16:01.684 security: warning: using built-in root key for view _default

From the log snippet above, I see that you use severity warning and not severity notice. Not a big deal, but note that's less verbose than notice.


Quote:

And query.log works as usual. Does it mean that both files are getting the info that they should be getting under the conditions set in named.conf.local?

Yup


Quote:

Should I just leave it alone for now and IF there're problems with BIND, then I could escalate the severity level to debug 3 for debugging purposes?

As I've already told you, turn on debugging only if you have problems that are not logged with the current setting.

grigory 11-02-2015 07:26 PM

Thanks for your reply!

How could it be that I'm using severity level "warning", when my debug.log is set to "notice" and query.log to "dynamic"?

Can I make it this way?

Quote:

category default { debug_log; };
category queries { query_log; };

So BIND would log everything except the queries which would go to query.log?

OR... I could do this?

Quote:

logging {

        #channel debug_log {
        #        file "/var/log/named/debug.log";
        #        severity debug 3;
        #        print-category yes;
        #        print-severity yes;
        #        print-time yes;
        #};

        channel query_log {
                file "/var/log/named/query.log";
                severity dynamic;
                print-category yes;
                print-severity yes;
                print-time yes;
        };

        #category resolver { debug_log; };
        #category security { debug_log; };
        category queries { query_log; };

};

And then uncomment the appropriate lines if needed for debugging purposes...?

grigory 11-02-2015 09:04 PM

P.S. In my example above " 02-Nov-2015 19:16:01.684 security: warning: using built-in root key for view _default" I just happened to extract the line which corresponded to a LOWER LEVEL than the current that was set at a time. Bad example.
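
Added example, not part of the thread: a simplified Python model of how a channel's `severity` setting acts as a threshold, run over the log line quoted in the thread plus constructed sample lines. The numeric scale and the function names are assumptions of this example; the ordering (critical, error, warning, notice, info, then debug levels) follows the BIND documentation, and `dynamic` is modeled as following the server's global debug level.

```python
import re

# Numeric scale used by this model (assumption): lower = more severe, debug N = N.
NAMED = {"critical": -5, "error": -4, "warning": -3, "notice": -2, "info": -1}

# Line layout with print-time, print-category and print-severity set to yes.
LINE_RE = re.compile(
    r"^(?P<time>\S+ \S+) (?P<category>[\w-]+): "
    r"(?P<severity>critical|error|warning|notice|info|debug \d+): (?P<msg>.*)$"
)

# First line is quoted from the thread; the rest are constructed samples.
SAMPLE = [
    "02-Nov-2015 19:16:01.684 security: warning: using built-in root key for view _default",
    "02-Nov-2015 19:16:02.100 resolver: debug 1: constructed level-1 debug message",
    "02-Nov-2015 19:16:02.101 resolver: debug 3: constructed level-3 debug message",
    "02-Nov-2015 19:16:02.300 resolver: info: constructed informational message",
    "02-Nov-2015 19:16:03.000 queries: info: client 192.0.2.10#53124 (example.com): query: example.com IN A +",
]

def level_of(severity):
    """'warning' -> -3, 'debug 3' -> 3, bare 'debug' -> 1."""
    name, _, num = severity.partition(" ")
    if name == "debug":
        return int(num) if num else 1
    return NAMED[name]

def channel_accepts(channel_severity, message_severity, global_debug=0):
    """True if a channel with this severity setting would write the message."""
    if channel_severity == "dynamic":
        threshold = global_debug  # follows the server debug level (rndc trace X)
    else:
        threshold = level_of(channel_severity)
    return level_of(message_severity) <= threshold

def written(lines, channel_severity, categories, global_debug=0):
    """Lines from the given categories that pass the channel's threshold."""
    kept = []
    for line in lines:
        m = LINE_RE.match(line)
        if (m and m["category"] in categories
                and channel_accepts(channel_severity, m["severity"], global_debug)):
            kept.append(line)
    return kept

if __name__ == "__main__":
    for sev in ("warning", "notice", "info", "debug 3"):
        print(sev, len(written(SAMPLE, sev, {"resolver", "security"})))
```

In this model a channel set to `notice` still writes the `warning` line, because the setting is a minimum severity rather than an exact match.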

bathory 11-03-2015 02:19 AM

Yes, you can have debug stuff commented out and uncomment it when needed.
Or you can set the debug level to 0 in the first place and use
Code:

rndc trace X

to start using debug at level X.

grigory 11-03-2015 03:58 AM

Thank you!


All times are GMT -5.